Apache Ambari - What's New in 1.2.5


Published on

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Simple method for creating a self-signed certificate…1. Create a Private Keysudoopensslgenrsa -des3 -out server.key 10242. Generate a CSR (Certificate Signing Request) sudoopensslreq -new -key server.key -out server.csr3. Generating a Self-Signed Certificatesudoopenssl x509 -req -days 365 -in server.csr -signkeyserver.key -out server.crt
  • Apache Ambari - What's New in 1.2.5

    1. 1. © Hortonworks Inc. 2013 Apache Ambari 1.2.5 August 2013 Page
    2. 2. © Hortonworks Inc. 2013 What’s New in Ambari 1.2.5 • Manage Kerberos Secure Cluster • Customizable Dashboard Widgets • Improved Service Controls • Expanded Host Checks • Reduced “root” requirements • Core Security Enhancements –Setup Ambari Server HTTPS –Master Key Property Encryption –Optional Server-Agent SSL Communication –Optional Ganglia and Nagios SSL Page 2
    3. 3. © Hortonworks Inc. 2013 Manage Kerberos Secured Cluster Page 3 • Run “Security Wizard” • Download-able CSV of necessary principals & keytabs • Applies configuration properties and restarts Services
    4. 4. © Hortonworks Inc. 2013 Customizable Dashboard Widgets Page 4
    5. 5. © Hortonworks Inc. 2013 Improved Service Controls • Start All and Stop All Service Controls • Live Component Status Page 5
    6. 6. © Hortonworks Inc. 2013 Expanded Host Checks • During “cluster install” or add hosts”, more host checks and script-able report /var/lib/ambari-agent/data/hostcheck.result Page 6
    7. 7. © Hortonworks Inc. 2013 Reduced “root” requirements • Run “Ambari Server” as root or non-root account Page 7 AMBARI SERVER AMBARI WEB RDBMS root or non-root HADOOP AMBARI AGENT HOS T AMBARI AGENT HOS T AMBARI AGENT HOS T AMBARI AGENT HOS T AMBARI AGENT HOS T AMBARI AGENT HOS T AMBARI AGENT HOS T AMBARI AGENT HOS T Run as…
    8. 8. © Hortonworks Inc. 2013 Ambari Server HTTPS Page 8 • Configure SSL for Ambari • Provide Certificate during “setup”
    9. 9. © Hortonworks Inc. 2013 Learn More Page 9 Resource Location Apache Ambari Project Page http://incubator.apache.org/ambari/ Mailing Lists http://incubator.apache.org/ambari/mail-lists.html Ambari Wiki https://cwiki.apache.org/confluence/display/AMBARI Ambari JIRA https://issues.apache.org/jira/browse/AMBARI
    10. 10. © Hortonworks Inc. 2013 Appendix Two-Way SSL for Server-Agent Communication Page 10
    11. 11. © Hortonworks Inc. 2013 Secure Server-Agent Communication Page 11 Ambari Server Ambari Agent 11) Agent Heartbeat Begins 1) Connect on Handshake port 8441 4) Sign Agent Cert 2) Download Server Cert 6) Connect on Registration port 8440 7) Perform 2WAY auth using Agent Cert 10) Complete Host Registration Agent Host 8) Get FQDN 9) Register host 3) Request to Sign Agent Cert 5) Download Agent Cert + Disconnect
    12. 12. © Hortonworks Inc. 2013 Flow Details Page 12 Operation Description 1 Connect on Handshake port 8441 Ambari Agent connects to Ambari Server on the handshake port. 2 Download Server Certificate Ambari Agent downloads the Server Certificate. 3 Request to sign Agent Certificate Ambari Agent requests for Ambari Server to sign the Agent Certificate. 4 Sign Agent Cert Ambari Server signs Agent Certificate with password. 5 Download Agent Cert and Disconnect Ambar Agent downloads Agent Certificate and disconnects. 6 Connect on Registration port 8440 Ambari Agent connects to Ambari Server on the registration port. 7 Perform 2WAY auth using Agent Cert 2WAY authentication between Agent and Server. 8 Get FQDN Ambari Agent host gets the Fully Qualified Domain Name (FQDN) for the Agent host. Note: (8a) In case the host has multiple hostnames, use the host script to echo the hostname to use for registration. 9 Register Host Using the FQDN, the Agent host registers with the Ambari Server. 10 Complete Host Registration Ambari Server completes the host registration by adding the host to the Ambari DB. 11 Agent Heartbeat Begins Ambari Agent starts heartbeat to Ambari Server, checking for commands to execute.